AGENDA
Description
Roaming Modes - Xirrus
Client Operation
Use and Configuration of Xirrus Roaming Services
Vendor Interoperability
ROAMING
unnecessary roaming
What do you do?
DESCRIPTION
Roaming
- The act of a client moving from radio to radio on the same SSID
- Goal is to allow connected mobility for clients.
Additional Info:
- 2 Types of Roaming
DESCRIPTION - STANDARDS
The IEEE 802.11 standard continues to evolve to improve interoperability
802.11f Inter-Access
802.11i
(Supported)
IEEE 802.11i is an amendment to the original IEEE 802.11 and specifies security
mechanisms for wireless networks. Its improvements include, but are not limited
to, WPA2, 802.1X and sharing of security keys (PMK caching).
802.11k
802.11r
Layer 2 roaming is fully defined within the 802.11(i) standard and allows for
seamless/secure roaming of 802.11 clients without requiring any additional
configuration.
Layer 3
Some customers want to define their network such that if a user roams
between APs connected to different domains (VLAN/Subnet), clients will
maintain the same IP address. Typically to support real-time data traffic,
such as voice and/or video.
Roaming Assist
CLIENT OPERATIONS
Associated clients continue to seek stronger radios on the same SSID,
roaming to the new radio when defined threshold(s) are met.
Operation
Per 802.11 - Clients decide when to roam, APs do not tell them (*proprietary solutions)
Roaming decisions are normally based on the RSSI (Received Signal Strength Indicator)
difference between current association and that of nearby AP/radio.
Roaming based on a stronger RSSI is not always the best choice. RF band (2.4/5 GHz),
mode (11a/b/g/n/ac) or traffic load may offset any signal strength value.
Configuration
Client Roaming Settings
Aggressiveness - Defines how aggressively the client will
try to roam based on RSSI values.
Capabilities vary considerably
Proprietary Solutions
Cisco Compatible Extensions (CCX), etc.
Standards Development
802.11k and 802.11r are designed to provide
improved, standards-based roaming as well as
allow infrastructure (APs) to control client roaming
2013 XIRRUS :: All Rights Reserved
Use Example
Xirrus L2 Roaming
In almost all cases no Layer 2 roaming settings are required or recommended
802.11i defines and controls 100% of PMK sharing and preauthentication
Station pre-auths with other IAPs and Array in the same L2 subnet
This shortens the RADIUS authentication, conducting only the 4-way EAPOL
handshake upon a roam.
Only potential use for this is with WPA clients (non-802.11i)
Xirrus has a proprietary fast Roaming solution for this
However, many WPA clients do not understand and/or accept this and may fail to roam
due to bypassing the RADIUS server connection
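The PMK caching described above for 802.11i roaming, as an added example that is not part of the original slides or Xirrus code: the PMKID is computed as the standard defines it, and a hypothetical AP-side cache (`ApPmkCache`, with constructed MAC addresses and a fixed test PMK) decides whether a roam needs the full RADIUS exchange or only the 4-way handshake.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    if len(pmk) != 32 or len(aa) != 6 or len(spa) != 6:
        raise ValueError("PMK must be 32 bytes, MAC addresses 6 bytes")
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

class ApPmkCache:
    """Hypothetical authenticator-side PMK cache for one BSSID."""

    def __init__(self, bssid: bytes):
        self.bssid = bssid
        self._by_pmkid = {}

    def store(self, pmk: bytes, sta_mac: bytes) -> bytes:
        """Cache a PMK produced by a completed 802.1X (pre-)authentication."""
        key = pmkid(pmk, self.bssid, sta_mac)
        self._by_pmkid[key] = pmk
        return key

    def on_reassociation(self, sta_mac: bytes, offered: list) -> str:
        """Decide what the roam costs, given the PMKIDs in the station's RSN element."""
        for candidate in offered:
            pmk = self._by_pmkid.get(candidate)
            # Recompute instead of trusting the lookup: the PMKID binds the PMK
            # to this BSSID and to the station MAC that authenticated.
            if pmk and hmac.compare_digest(pmkid(pmk, self.bssid, sta_mac), candidate):
                return "4-way handshake only"
        return "full 802.1X via RADIUS"

def demo() -> dict:
    # Constructed sample values: locally administered MACs and a fixed test PMK.
    sta = bytes.fromhex("020000000001")
    other_sta = bytes.fromhex("020000000002")
    ap2 = ApPmkCache(bytes.fromhex("0200000000a2"))
    ap3 = ApPmkCache(bytes.fromhex("0200000000a3"))
    pmk = bytes(range(32))
    cached_id = ap2.store(pmk, sta)  # pre-authentication with AP2 completed earlier
    return {
        "roam_to_preauthenticated_ap": ap2.on_reassociation(sta, [cached_id]),
        "roam_to_ap_without_cache": ap3.on_reassociation(sta, [cached_id]),
        "pmkid_replayed_by_other_mac": ap2.on_reassociation(other_sta, [cached_id]),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A matching PMKID only selects the cached key; possession of the PMK is still proven by the 4-way handshake that follows.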
[Diagrams: L2 and L3 roaming. Elements shown: Directory / Authentication Server; subnets 10.100.52.xxx and 10.100.67.xxx; client 10.100.52.101; Array1 to Array4, each with stations (STA) and a PMK Cache. Labels: 1. Initial Association, station keys derived via 802.1x Auth Server; PMK exchange; L2 Roaming; MESH / WDS; L3 Tunnel; PMK exchange between subnets (L3 Roaming).]
VENDOR INTEROPERABILITY
Open SSID
- Open SSID roaming between wireless vendors should be unimpeded as long as
the backend network is the same L2 network and there is nothing required on the
client other than it making the choice to roam to an infrastructure radio.
authentication mode and PSK are identical. Some vendors allow mixed WPA
and/or WPA2 SSID configuration. This has been known to cause roaming issues.
THANK YOU!
TRAINING@XIRRUS.COM